Privacy Policy

Our privacy policy and how we use your data

1. Introduction

Real Code Ltd ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and protect your information when you use SME System.

2. Data Controller

Data Controller: Real Code Ltd

Address: 86-90 Paul Street, London, EC2A 4NE

Company Registration: 8919593 (England and Wales)

ICO Registration: ZB939242

3. Data We Collect

3.1 Account Information

  • Name and email address
  • Organisation details
  • Billing information (processed securely via Stripe)

3.2 Business Data (Your Data)

SME System is designed to store your business data including:

  • Customer and supplier contacts (names, addresses, contact details)
  • Sales leads and pipeline information
  • Product catalogues and pricing
  • Orders and quotes
  • VAT numbers and financial data

You retain full ownership and control of all business data you input into SME System.

3.3 Technical Data

  • IP address and device information
  • Usage logs and analytics
  • Authentication tokens

4. How We Use Your Data

4.1 To Provide the Service

  • Enable account creation and authentication
  • Store and manage your business data
  • Process subscription payments
  • Provide customer support

4.2 Legal Compliance

  • Comply with UK tax and accounting regulations
  • Fraud prevention and security
  • Legal obligations under UK law

5. Data Storage and Security

5.1 Multi-Tenant Architecture

SME System uses a multi-tenant architecture with Row-Level Security (RLS) to ensure that your data is strictly isolated by organisation. Each organisation's data is logically separated and cannot be accessed by other organisations.

5.2 Security Measures

  • All data is encrypted in transit (TLS 1.3)
  • Database encryption at rest
  • Regular security audits and penetration testing
  • Secure authentication with Supabase Auth
  • Access logging and monitoring

5.3 Data Location

Your data is stored on servers located within the European Economic Area (EEA) in compliance with UK GDPR requirements.

6. Data Sharing

6.1 Third-Party Service Providers

We use the following trusted third parties to operate the Service:

  • Supabase: Database hosting and authentication (data stored in EEA)
  • Stripe: Payment processing (PCI DSS compliant)
  • Vercel: Application hosting (data stored in EEA)

6.2 No Data Selling

We never sell your personal data or business data to third parties for marketing purposes.

7. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (GDPR), you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (right to be forgotten)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your data
  • Restriction: Request restriction of processing

8. Data Retention

  • Account Data: Retained while your account is active
  • Business Data: Retained according to your preferences and UK legal requirements
  • Deleted Accounts: Data permanently deleted within 30 days of account closure

9. International Data Transfers

We do not transfer your data outside the European Economic Area without your explicit consent and appropriate safeguards in place.

10. Children's Privacy

SME System is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification.

12. Contact Us

For privacy-related inquiries or to exercise your GDPR rights, please contact us:

Email: [email protected]

Post: Real Code Ltd, 86-90 Paul Street, London, EC2A 4NE

ICO: You also have the right to lodge a complaint with the Information Commissioner's Office (ICO)

Last updated: January 2026